> On 四月 1, 2022, 6:04 a.m., Kirby Zhou wrote: > > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java > > Line 1412 (original), 1424 (patched) > > <https://reviews.apache.org/r/73922/diff/1/?file=2267178#file2267178line1427> > > > > It not works for FIPS. > > FIPS require random salt, so we can not compare oldPassword and > > newPassword, encoded-oldPassword and encoded-newPassword directy, > > bhavik patel wrote: > That's true and That’s the main reason I pinged in the Jira to discuss > the approach. > > Kirby Zhou wrote: > You can simply call the old version function in a loop. > > bhavik patel wrote: > if we execute in the loop than also the result will be same unless we > have the old salt value. > > bhavik patel wrote: > @Kirby Zhou, If you have FIPS enabled environment then can you please > update this patch for the same and raise new Review Request(with all the > changes)
Read the old code, you actully have the old salt value. It is in the encoded-password. - Kirby ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/73922/#review224233 ----------------------------------------------------------- On 四月 1, 2022, 7:50 a.m., bhavik patel wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/73922/ > ----------------------------------------------------------- > > (Updated 四月 1, 2022, 7:50 a.m.) > > > Review request for ranger, Dhaval Shah, Dineshkumar Yadav, Kirby Zhou, Abhay > Kulkarni, Madhan Neethiraj, Mateen Mansoori, Mehul Parikh, Pradeep Agrawal, > Ramesh Mani, and Velmurugan Periasamy. > > > Bugs: RANGER-3687 > https://issues.apache.org/jira/browse/RANGER-3687 > > > Repository: ranger > > > Description > ------- > > Password history should be configured to restrict users from reusing their > last 4 or 5 passwords. > > > Diffs > ----- > > security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql > 26282f770 > security-admin/db/mysql/patches/059-update-x-portal-user-table.sql > PRE-CREATION > security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 0e61038d5 > security-admin/src/main/java/org/apache/ranger/entity/XXPortalUser.java > d0451b4d2 > security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml > e2bfc8fff > > > Diff: https://reviews.apache.org/r/73922/diff/2/ > > > Testing > ------- > > 1. Verified the basic functionality of "/passwordchange" api > 2. Verified "/secure/users" & "/secure/users/{id}" API’s > > 3. Once the basic review/discussion is done will fix the Test-cases > > > Thanks, > > bhavik patel > >
